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Determination of Patent Term Adjustment under 35 U.S.C. 154 (b) 

(application filed on or after May 29, 2000) 

The Patent Term Adjustment to date is 737 day(s). If the issue fee is paid on the date that is three months after the 
mailing date of this notice and the patent issues on the Tuesday before the date that is 28 weeks (six and a half 
months) after the mailing date of this notice, the Patent Term Adjustment will be 737 day(s). 

If a Continued Prosecution Application (CPA) was filed in the above-identified application, the filing date that 
determines Patent Term Adjustment is the filing date of the most recent CPA. 

Applicant will be able to obtain more detailed information by accessing the Patent Application Information Retrieval 
(PAIR) WEB site (http://pair.uspto.gov). 

Any questions regarding the Patent Term Extension or Adjustment determination should be directed to the Office of 
Patent Legal Administration at (571)-272-7702. Questions relating to issue and publication fee payments should be 
directed to the Customer Service Center of the Office of Patent Publication at l-(888)-786-0101 or 
(571)-272-4200. 
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Applicant(s) 

KEITH BROTHERS ET AL. 


Examiner 
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Art Unit 

2435 





~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1 . This communication is responsive to 4/9/09 . 

2. ^ The allowed claim(s) is/are 2-45 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1 ) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1. 84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1 . ^ Notice of References Cited (PTO-892) 

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO/SB/08), 

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. □ Notice of Informal Patent Application 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. ^ Examiner's Amendment/Comment 

8. ^ Examiner's Statement of Reasons for Allowance 

9. □ Other . 
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EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Syed AN (reg. no. 58,780) on 7/20/09. The amendments are to overcome minor 
objections to claims 10 and 16. 

The application has been amended as follows: 

AMEND THE FOLLOWING CLAIMS AS FOLLOWS: 

10. (currently amended) A system for protecting a computer network, the system 
comprising at least one computer device, the at least one computer device having one 
or more modules, including: 

a detection module configured to: 

monitor one or more packets received from a source device to determine 
whether one or more of the received packets include one or more harmful 
computer code signatures, and to further monitor the received packets to 
determine whether one or more of the received packets include identifying 
information that has a history of being included in packets associated with one or 
more previous attacks directed at a target device coupled to the network; and 
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detect an attack directed at the target device if one or more of the 
monitored packets include one or more of the harmful computer code signatures, 
and to further detect the attack if one or more of the monitored packets include 
the identifying information that has the history of being included in packets 
associated with the previous attacks directed at the target device; 
a scanning module configured to determine a severity of the detected attack 
directed at the target device; 

a log creating module configured to create an attack profile based on information 
associated with the detected attack, wherein the attack profile provides identifying 
information included in the monitored packets that include the harmful computer code 
signatures, and wherein the attack profile further provides the identifying information 
that has the history of being included in packets associated with the previous attacks 
directed at the target device; and 

a blocking module configured to: 

block one or more of the monitored packets from being transmitted to the 
target device, wherein the blocked packets include the identifying information 
provided in the attack profile, and wherein the blocking module is further 
configured to disable a communication channel connecting the source device to 
the target device to block the packets from being transmitted to the target device; 

block one or more subsequently received packets from being transmitted 
to the target device if the severity of the detected attack exceeds a 
predetermined threshold, wherein the subsequently blocked packets include 
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packets originating form the source device and packets directed to the target 
device; 

notify a user if the source device originates internally to a defined 
perimeter of the target device, wherein the user is notified that the 
communication channel has been disabled and that the attack originated 
internally to the defined perimeter of the target device; and 

enable the communication channel for at least one system that runs a 
valid application over the communication channel if the source device originates 
externally to the defined perimeter of the target device. 

16. (currently amended) A computer device for detecting and preventing attacks 
directed at a target system, the computer device having one or more modules that 
cause the computer device to: 

receive one or more packets originating from a source system, wherein the 
received packets are directed to the target system; 

monitor the received packets to determine whether one or more of the received 
packets include one or more harmful computer code signatures, and further monitor the 
received packets to determine whether one or more of the received packets include 
identifying information that has a history of being included in packets associated with 
one or more previous attacks directed at the target system; 

detect an attack directed at the target system if one or more of the monitored 
packets include one or more of the harmful computer code signatures, and further 
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detect the attack if one or more of the monitored packets include the identifying 
information that has the history of being included in packets associated with the 
previous attacks directed at the target system; 

create an attack profile based on information associated with the detected attack, 
wherein the attack profile provides identifying information included in the monitored 
packets that include the harmful computer code signatures, and wherein the attack 
profile further provides the identifying information that has the history of being included 
in packets associated with the previous attacks directed at the target system; 

block one or more of the monitored packets from being transmitted to the target 
system, wherein the blocked packets include the identifying information provided in the 
attack profile, and further to disable a communication channel connecting the source 
system to the target system to block the packets from being transmitted to the target 
system; 

block one or more subsequently received packets from being transmitted to the 
target system if a severity of the detected attack exceeds a predetermined threshold, 
wherein the subsequently blocked packets include packets originating from the source 
system and packets directed to the target system; 

notifying a user if the source system originates internally to a defined perimeter of 
the target system, wherein the user is notified that the communication channel has been 
disabled and that the attack originated internally to the defined perimeter of the target 
system; and 
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enable the communication channel for at least one system that runs a valid 
application over the communication channel if the source system originates externally to 
the defined perimeter of the target system. 



The following is an examiner's statement of reasons for allowance: Independent 
claims 10, 16, 23, and 37 have been amended to recite subject matter that was 
indicated as allowable over prior art in the prior office action. The remaining claims are 
allowable over the prior art due to dependency on one of these aforementioned 
independent claims. Note that as per claim 10, the system being claimed is statutory 
because the at least one computer device being claimed as part of the system is a 
machine. One skilled having read paragraphs 36 and 56 and viewed Figure 1 in context 
of these paragraphs would understand that the term "devices" as used in the present 
application and having modules as recited in claim 10 are machines. Claim 16 is 
statutory for similar reasons-the claim is directed towards a computer device, which 
when interpreted in light of the specification, one skilled should understand is a 
machine. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to PONNOREAY PICH whose telephone number is 
(571)272-7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Thurs. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Ponnoreay Pich/ 

Primary Examiner, Art Unit 2435 



